As the Cybersecurity and Infrastructure Security Agency (CISA) finishes up the rulemaking process for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), CISA Director Jen Easterly said today that trusted partnerships are vital to sharing threat information in the meantime.

Easterly said that CISA is currently finishing up work on the Notice of Proposed Rulemaking for its cyber incident reporting rule, which she said “should be out later this year or early next year.”

CIRCIA – which was signed into law in March 2022 – requires CISA to develop and implement regulations requiring covered entities to report cyber incidents and ransomware payments to the government.

“Until we have that in place, we need to make sure that we are all communicating around threats, realizing that a threat to one is a threat to many,” Easterly said at the Billington Cybersecurity Summit today in Washington, D.C. “So, that is the continued thing that I would ask is partner with us and also give us feedback.”

Easterly explained that when she thinks of her two and a half years at CISA so far, “there’s really one word that comes to mind,” which is partnership.

“We are at our core a voluntary partnership agency whose success is entirely predicated on our ability to create trusted partnerships,” the CISA director said.

Easterly noted that CISA is working towards a model of “persistent operational collaboration,” which she said has three core goals. These include the idea of a default to share, recognizing that a threat to one is a threat to all; a co-equal partnership between industry and government with reciprocal expectations; and a frictionless experience and exchange of information between organizations.

As part of this transformation, the CISA director pointed to the Joint Cyber Defense Collaborative (JCDC), which has grown from a select few companies to hundreds now.

“We approach these partnerships with a sense of humility, a sense of transparency, always trying to add value, and quite frankly, on a human level, an assumption of noble intent, because we know these partnerships don’t work unless we can trust each other,” she said.

CISA is also looking to extend a hand to the general public as well, Easterly said, by launching its first Public Service Awareness (PSA) campaign later this month.

“We hope to really get the nation energized about how we can keep ourselves safe and the simple steps that we can take, so stay tuned for that,” she teased.

Read More About
More Topics
Grace Dille
Grace Dille
Grace Dille is MeriTalk's Assistant Managing Editor covering the intersection of government and technology.